A security researcher discovered a critical privacy vulnerability in Verizon Wireless's web-based customer portal that allows anyone to download a user's SMS history and the numbers of the other users he communicated with.
Back in August, researcher 'Cody Collier' found that a simple URL exploit could allow any subscriber to extract data using the 'Download to SpreadSheet' function.
To exploit it, an attacker only needs to modify the subscriber's phone number in the URL, which gives the attacker access to the SMS history of the targeted account.
https://wbillpay.verizonwireless.com/vzw/accountholder/unbilledusage/UnbilledMessaging.action?d-455677-e=2&1548506v4671=1&mtn=999999999
The variable 'mtn' within the URL defines the mobile number, and an attacker just needs to modify it. "Message details consist of: Date, Time, To, From, and Direction an SMS or MMS took place. With no user interaction, all that was required was a subscriber's phone number," he explained.
There were no safeguards to ensure that the person downloading the spreadsheet owned that number, potentially exposing the contact lists and texting habits of tens of millions of Verizon customers.
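The missing safeguard, sketched as an added example (this is not Verizon's code or the researcher's): the server ties the 'mtn' parameter to the account behind the authenticated session instead of trusting the URL. The account data, session tokens, 10-digit number format and function names are all assumptions made for illustration.

```python
import re

# Constructed sample data: account id -> mobile numbers (MTNs) on that account.
ACCOUNT_LINES = {
    "acct-1001": {"5550100001", "5550100002"},
    "acct-2002": {"5550100099"},
}
# Constructed sample sessions: session token -> authenticated account id.
SESSIONS = {"sess-alice": "acct-1001", "sess-bob": "acct-2002"}
AUDIT_LOG = []  # denied export attempts, kept for detection and review


def authorize_export(session_token, raw_mtn):
    """Return the MTN only if it belongs to the session's own account."""
    account = SESSIONS.get(session_token)
    if account is None:
        raise PermissionError("unauthenticated")
    # Strict format check (assumed 10-digit MTN); no lenient normalization.
    if not isinstance(raw_mtn, str) or not re.fullmatch(r"\d{10}", raw_mtn):
        raise PermissionError("denied")
    # The ownership check the article says was missing: the number must be a
    # line on the account bound to this session, not just any valid number.
    if raw_mtn not in ACCOUNT_LINES.get(account, set()):
        raise PermissionError("denied")
    return raw_mtn


def handle_download(session_token, query):
    """Return (status, body) for a 'Download to SpreadSheet' style request."""
    try:
        mtn = authorize_export(session_token, query.get("mtn"))
    except PermissionError as exc:
        AUDIT_LOG.append((session_token, query.get("mtn"), str(exc)))
        # Identical body for malformed, unknown and other-account numbers,
        # so responses do not reveal which numbers exist.
        status = 401 if str(exc) == "unauthenticated" else 403
        return status, "request denied"
    return 200, f"message history export for {mtn}"


if __name__ == "__main__":
    print(handle_download("sess-alice", {"mtn": "5550100001"}))  # own line
    print(handle_download("sess-alice", {"mtn": "5550100099"}))  # someone else's
```

Repeated denials from one session in the audit log are the signal that someone is stepping through other subscribers' numbers.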
As Verizon's site doesn't offer any direct contact info for reporting vulnerabilities, he found someone on LinkedIn who forwarded his request to Verizon's corporate security.
Now Verizon has created a dedicated email contact, CorporateSecurity@verizonwireless.com, to field these security issues.
We are also trying to reach Verizon for comment on this serious privacy issue and will update this article should we hear back.